Understanding Malware: Tackling the threat

by CXOtoday Staff, Apr 27, 2010

Malware attacks are a growing concern among enterprises. They not only result in downtime but also pose the threat of data theft. In the final part of this four-part series on malware attacks on enterprises, we provide the steps that can help businesses tackle malware threats.

Measures to counter malware threats
In a business, as far as possible, the use of the Internet and other resources for personal purposes should be prohibited or at least restrained. Each computer should be protected by a personal password known only to its user, or by a biometric authentication module. Additionally, great attention should be paid to the use of removable storage devices, such as hard-disk drives, flash drives and memory cards. They are the main infection vector for worms, which may open the door to other categories of malware, such as Trojans and viruses, that might spread throughout the company network and exploit it for commercial or financial gain.

The company’s mail server is one of its most sensitive links with "the outer world", including its customers. New business opportunities, accounts, sales reports, newsletters and confidential attachments act like honeypots to cyber-criminals, who might force their way in through a poorly secured mail server. More than that, outsiders might also use the company’s insufficiently secured mail server to send spam on the company’s behalf, which would dramatically damage the corporate identity and the level of customers’ trust.

The next point of interest for any cyber-criminal would be the company’s website. Most small-scale businesses do not have a dedicated IT development team to build the company’s website from scratch, but rather rely on free, open-source content management systems such as WordPress, Drupal or Joomla, to name only a few. The downside of using open-source content management systems is that everyone has access to the project’s source code, which allows potential attackers to look for coding flaws and other vulnerabilities in the website’s structure.

Cross-site scripting, code insertion and SQL injection are only a few of the threats associated with website hacking. While cross-site scripting and iFrame insertion would only affect visitors, SQL injection might expose sensitive customer data such as addresses, history of banking transactions (along with credit card information) and e-mail addresses. Should the website fall victim to a hacking attack, it is mandatory that the web server be taken down for further investigation and that all exposed customers be notified of the potential dangers they may face.
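The two website flaws named above, SQL injection and cross-site scripting, both come down to untrusted input being mixed into a command or a page. The following added example (not code from the article or from BitDefender) shows the defensive pattern in Python against an in-memory SQLite table with constructed sample rows: a query built by string concatenation beside a parameterised one, and a small HTML renderer that escapes user-supplied text. The table, column names and sample e-mail addresses are assumptions made for the demonstration.

```python
"""Defences against the two website flaws discussed above: parameterised
SQL queries and HTML escaping. Added example with constructed sample data;
it is not code from the article or from any CMS project."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory customer table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, city TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, city) VALUES (?, ?)",
        [("alice@example.com", "Pune"), ("bob@example.com", "Mumbai")],
    )
    return conn


def find_by_email_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """Deliberately flawed: the input is pasted into the SQL text, so a
    value containing a quote changes the meaning of the WHERE clause.
    Shown only for contrast with find_by_email_safe()."""
    query = "SELECT email, city FROM customers WHERE email = '" + email + "'"
    return conn.execute(query).fetchall()


def find_by_email_safe(conn: sqlite3.Connection, email: str) -> list:
    """Parameterised query: the driver sends the value separately from the
    SQL text, so it can never be interpreted as part of the statement."""
    return conn.execute(
        "SELECT email, city FROM customers WHERE email = ?", (email,)
    ).fetchall()


def render_comment(author: str, body: str) -> str:
    """Escape untrusted text before placing it in an HTML page, so that a
    visitor-supplied comment cannot inject markup or script (the XSS case)."""
    return f"<p><b>{html.escape(author)}</b>: {html.escape(body)}</p>"


def compare(email: str) -> dict:
    """Run both lookups on the same input and report the row counts, so the
    difference between the two query styles is visible on one call."""
    conn = make_db()
    try:
        return {
            "vulnerable_rows": len(find_by_email_vulnerable(conn, email)),
            "safe_rows": len(find_by_email_safe(conn, email)),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # A legitimate lookup behaves the same either way.
    print(compare("alice@example.com"))
    # An input that closes the quote and adds an always-true condition
    # (constructed test value) returns every row from the vulnerable query
    # and nothing from the parameterised one.
    print(compare("x' OR '1'='1"))
    print(render_comment("visitor", "<script>alert(1)</script>"))
```

The point a CMS operator should take from this is that the fix is structural, not a blocklist of bad characters: with placeholders the database never sees user input as SQL, and with escaping the browser never sees user input as HTML. Both apply equally to plugins and themes added on top of WordPress, Drupal or Joomla, which is where most real-world holes in those platforms appear.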

Physical network security is also a key element in protecting the company’s intellectual property and other information stored on systems and file servers. For instance, routers and switches should never be placed in rooms that are accessible to everybody, since any unauthorized user may plug into open ports and browse the LAN’s shared resources.

Updates and backups are also critical aspects of company security. Customer data, internal processes and other company-specific information are key assets. However, given that small businesses probably do not have a full-time IT specialist, it is mandatory that an IT company be hired to perform backups regularly and, if possible, to educate the personnel in the safe use of IT resources.

The temptation of social networking websites, instant messaging and chain letters represents an entry point for malware that usually exploits flaws and bugs in the operating system. Sometimes, classified information can be leaked unintentionally by people close to an employee through social network profiles on Facebook, Twitter or Meebo, or even through personal blogs. It is mandatory that employees understand the risks posed by public disclosure, or by simply discussing what happens at the workplace on their personal blogs (unless they are professional communicators and blogging is their major duty within the company).

However, the ideal solution is not banning social networks, but increasing users’ awareness of the implications and risks these platforms involve. Banning social media websites at work will also push people to use anonymization networks or free proxies to reach these networks. The problem is that the sites they will visit in order to reach their preferred network are unsafe, and will leave the door open to various malware infections, which might then be carried inside the company. So the cost of banning some social networks is higher than that of leaving the employees’ taste for socialization alone.

Before a company decides to put its data on a social networking site, or to expand its channels, groups or profiles, private and corporate users should be aware of the following social and technical security risks they will face.
Data Theft: A social networking site is, basically, an enormous database that can be accessed by many individuals, increasing the risk that information could be exploited.
Involuntary Information Leakage: Firms should be aware of the implications that arise from the data their employees post on social networking sites, whether about themselves or about the company. In the absence of a strong policy that draws clear lines between personal and corporate content, legal problems are likely to arise.
Targeted Attacks: Information on social networking sites could be used as preliminary reconnaissance, gathering information on size, structure, IT literacy degree and more, for a more in-depth, targeted attack on the company.
Network Vulnerability: All social networking sites are subject to flaws and bugs, whether it concerns login issues, cross-site scripting potential or Java vulnerabilities that intruders could exploit. This could, in turn, cause vulnerabilities in the company’s network.
Spam and Phishing: If an employee uses their work e-mail on a social networking site, there is a 98 percent chance they will receive spam and be targeted for phishing attacks, causing issues on the company’s network.
Content Alteration: Without constant efforts to preserve the identity of the displayed content, and in the absence of reinforced security measures, blogs, channels, groups and profiles might be spoofed or hacked.
Malware Dissemination: Social networking sites provide an ideal and cost-efficient platform for the distribution of viruses, worms and bots, Trojans, spyware and more. Companies with a presence on these sites could be adversely affected.
Business Reputation: Attackers can distort information on companies and people on social networking sites, adversely impacting their reputation.
Infrastructure and Maintenance Costs: Using social networking sites requires additional infrastructure and maintenance resources to ensure the appropriate defensive layers are in place to protect the company.
Productivity Loss: Companies should carefully monitor their employees’ activities on the network to ensure that security is maintained and resources are not being wasted by social networking activities.

Last but not least, the only suitable response for the near future must again rely on a silent and cost-efficient security solution that automatically detects and neutralises threats before they compromise systems. However, access to its controls should be limited within a company, because there are many cases in which the user turns off the antivirus in favour of system speed or to gain access to a blocked, harmful resource.

This article has been written with inputs from Catalin Cosoi, Senior Antimalware Researcher, BitDefender.